<?php
require_once("test_7_common.php");
session_start();
//判断用户是否存在
//判断用户密码是否正确

$username = $_POST["Username"];
$password = $_POST["Password"];

$sql = 'SELECT * FROM account WHERE Username = \''.str_replace("''",'',$username).'\'';
$sqli = createDb();
$rs = $sqli->query($sql);
//echo mysqli_error($sqli);
$row = $rs->fetch_assoc();

if(!$row) echo "用户名不存在!<br/>";
else{
    $passwordIndb = $row["Password"];
    if($passwordIndb!=$password){
        echo "密码错误!<br/>";
    }else{
        //setcookie("myid".$row["Id"]);
        $_SESSION["user"] = $row;  //让服务器记住当前访问者已经验证过用户名及密码
        //setcookie("user",$rs["Id"]);
        //echo "登录成功!<br/>";
        $url = "test_7_article_list.php";
        Header("location:$url");
        die("");
    }
}
?>